Text

Bidtext

Stefan Karlsson's PhD Defense

2024/08/29

Stefan Karlsson, PhD student of ARRAY will defend his PhD thesis on 10th September at 13:15

Title: Exploring API Behaviours by Example Generation

Date and time: September 10, 2024, 13:15

Room: Zeta (Västerås Campus)

Opponent: Mike Papadakis, Associate Professor, University of Luxembourg

Committee:

Gregory Gay, Associate Professor, Chalmers, Sweden

Markus Borg, Adjunct Associate Professor, Lund University, Sweden

Valentina Lenarduzzi, Associate Professor, University of Oulu, Finland

Elaine Åstrand, Associate Professor, Mälardalen University, Sweden (reserve)

Advisors:

Daniel Sundmark, Professor, Mälardalen University, Sweden

Adnan Causevic, PhD, Mälardalen University / Alstom Rail, Sweden

Robbert Jongeling, Senior Lecturer, Mälardalen University, Sweden

Abstract

Understanding the behaviour of complex software-intensive systems is a hard task. For developers of such systems, understanding the actual behaviours is critical in order to successfully create, extend, and maintain them.

The goal of the work in this thesis is to support explorations of the behaviour of software systems through their APIs. We fulfil this goal by generating examples of behaviours the system exhibits. An example is expressed as a sequence of API operations - with parameters, if required---that conforms to a specific behaviour.

Examples of behaviours, such as sequences of operations performed on the system, have been shown to be a good way to further the understanding of software systems for both end users and developers. However, manually creating examples requires effort. In addition, manually created examples only contain what a human can imagine - which might miss important cases, such as unintended behaviours.

The main proposed approach in this thesis is to support users in exploring the behaviour of their software system by automatically generating examples of actual behaviour. By only interacting with the system by the exposed API, we assess the behaviours as exposed to an end user of the API. The input to the approach is a set of API operations and schema of operation parameters. Sequences of operations are generated containing these provided operations. The observed responses from executing the generated sequences are used to assess if the API show an example of a sought behaviour. Found examples go through a shrinking process - trying to find a more minimal sequence showing the same behaviour - and are then reported to the user of the approach.

The approach is capable of both generating examples of faults in the system and of generating examples of general behaviours. We show evidence of this through multiple evaluations. We have evaluated the fault-finding capabilities by generating examples producing fault-indicating error codes and showing how the configuration of generators affects the interaction with the system. In addition, we evaluate the capability of the approach to generate relevant examples, both in the general API case and in the specific case of REST APIs. By conducting multiple focus group sessions, we conclude that the examples of behaviours produced by the approach indeed aid industry practitioners. The generated examples are deemed relevant for use cases such as testing, documenting, and understanding the behaviour of the system.